CVE-2017-5135

Published: Apr 27, 2017Modified: May 13, 2026

9.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Certain Technicolor devices have an SNMP access-control bypass, possibly involving an ISP customization in some cases. The Technicolor (formerly Cisco) DPC3928SL with firmware D3928SL-P15-13-A386-c3420r55105-160127a could be reached by any SNMP community string from the Internet; also, you can write in the MIB because it provides write properties, aka Stringbleed. NOTE: the string-bleed/StringBleed-CVE-2017-5135 GitHub repository is not a valid reference as of 2017-04-27; it contains Trojan horse code purported to exploit this vulnerability.

Affected (1)

Products: Technicolor: Dpc3928sl Firmware

1 product

Dpc3928sl Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Technicolor Dpc3928sl Firmware	Version d3928sl-p15-13-a386-c3420r55105-160127a

Running on/with	Platform Versions
Technicolor Dpc3928sl	All versions

References (6)

http://www.securityfocus.com/bid/98092

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://stringbleed.github.io/

Source: cve@mitre.org

Technical DescriptionThird Party Advisory

https://www.reddit.com/r/netsec/comments/67qt6u/cve_20175135_snmp_authentication_bypass/

Source: cve@mitre.org

Press/Media CoverageThird Party Advisory

http://www.securityfocus.com/bid/98092

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://stringbleed.github.io/

Source: af854a3a-2127-422b-91ae-364da2661108

Technical DescriptionThird Party Advisory

https://www.reddit.com/r/netsec/comments/67qt6u/cve_20175135_snmp_authentication_bypass/

Source: af854a3a-2127-422b-91ae-364da2661108

Press/Media CoverageThird Party Advisory

Timeline

No history available yet.